rpm/krb5
SHA256
1
0
Fork 0
forked from pool/krb5
Code Pull Requests Activity

Accepting request 921724 from home:scabrero:branches:network

Browse Source 
Add CVE references from SLE to prepare submission for SLE 15 SP4/Leap 15.4

OBS-URL: https://build.opensuse.org/request/show/921724
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=254
This commit is contained in:
Samuel Cabrero 2021-09-30 16:39:57 +00:00 committed by Git OBS Bridge
parent cba0a3d8f7
commit 10dc124f2d
2 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
krb5-mini.changes
View File

@ -72,7 +72,7 @@ Thu Nov 19 09:30:13 UTC 2020 - Samuel Cabrero <scabrero@suse.de>
- Update to 1.18.3
* Fix a denial of service vulnerability when decoding Kerberos
protocol messages.
protocol messages; (CVE-2020-28196); (bsc#1178512);
* Fix a locking issue with the LMDB KDB module which could cause
KDC and kadmind processes to lose access to the database.
* Fix an assertion failure when libgssapi_krb5 is repeatedly loaded
@ -276,7 +276,8 @@ Mon Jan 14 16:10:06 UTC 2019 - Samuel Cabrero <scabrero@suse.de>
dropped.
* The KDC now supports cross-realm S4U2Self requests when used with a
third-party KDB module such as Samba's. The client code for
cross-realm S4U2Self requests is also now more robust.
cross-realm S4U2Self requests is also now more robust
(CVE-2018-20217).
User experience:
* The new ktutil addent -f flag can be used to fetch salt information
from the KDC for password-based keys.

5
krb5.changes
View File

@ -85,7 +85,7 @@ Thu Nov 19 09:30:13 UTC 2020 - Samuel Cabrero <scabrero@suse.de>
- Update to 1.18.3
* Fix a denial of service vulnerability when decoding Kerberos
protocol messages.
protocol messages; (CVE-2020-28196); (bsc#1178512);
* Fix a locking issue with the LMDB KDB module which could cause
KDC and kadmind processes to lose access to the database.
* Fix an assertion failure when libgssapi_krb5 is repeatedly loaded
@ -299,7 +299,8 @@ Mon Jan 14 16:10:06 UTC 2019 - Samuel Cabrero <scabrero@suse.de>
dropped.
* The KDC now supports cross-realm S4U2Self requests when used with a
third-party KDB module such as Samba's. The client code for
cross-realm S4U2Self requests is also now more robust.
cross-realm S4U2Self requests is also now more robust
(CVE-2018-20217).
User experience:
* The new ktutil addent -f flag can be used to fetch salt information
from the KDC for password-based keys.